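/*
** MasqMail
** Copyright (C) 1999-2001 Oliver Kurth
** Copyright (C) 2010 markus schnalke
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/*
** NOTE(review): the header names of the following #include lines are
** missing from this listing (they look as if they were stripped together
** with their angle brackets). The lines are kept as shown rather than
** guessed.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include

#include "masqmail.h"

/*
** mutually exclusive modes. Note that there is no 'queue daemon' mode.
** It, as well as the distinction between the two (non exclusive) daemon
** (queue and listen) modes, is handled by flags.
*/
enum mta_mode {
	MODE_NONE = 0,  /* to check if a mode was set */
	MODE_ACCEPT,  /* accept message on stdin (fallback mode) */
	MODE_DAEMON,  /* run as daemon */
	MODE_RUNQUEUE,  /* single queue run, online or offline */
	MODE_SMTP,  /* accept SMTP on stdin */
	MODE_LIST,  /* list queue */
	MODE_MCMD,  /* do queue manipulation */
	MODE_VERSION,  /* show version */
	MODE_BI,  /* fake ;-) */
};
enum mta_mode mta_mode = MODE_NONE;

/* path of the pid file written by write_pidfile(), NULL if none */
char *pidfile = NULL;
/*
** set by sigterm_handler() on entry
** NOTE(review): written from a signal handler; `volatile sig_atomic_t'
** is the type the C standard guarantees for that. Left as `int' because
** a declaration elsewhere may depend on it -- confirm.
*/
volatile int sigterm_in_progress = 0;

/*
** SIGTERM handler: removes the pid file, if one was written, then
** restores the default disposition and raises the signal again so that
** the process terminates through the default action.
**
** If the handler is entered while a previous invocation is still in
** progress, the signal is raised again before anything else is done.
**
** NOTE(review): strerror() is not on the POSIX list of
** async-signal-safe functions, and logwrite() (defined elsewhere) is
** called from signal context too. A handler that only records the
** signal, with the cleanup done by the daemon loop, would avoid this;
** the daemon loop is not part of this file.
*/
static void
sigterm_handler(int sig)
{
	if (sigterm_in_progress)
		raise(sig);
	sigterm_in_progress = 1;

	if (pidfile) {
		/* become root for the unlink, remember who we were */
		uid_t uid = geteuid();
		if (seteuid(0) != 0) {
			logwrite(LOG_ALERT, "sigterm_handler: could not set "
					"euid to %d: %s\n",
					0, strerror(errno));
		}
		if (unlink(pidfile) != 0)
			logwrite(LOG_WARNING,
					"could not delete pid file %s: %s\n",
					pidfile, strerror(errno));
		seteuid(uid);  /* we exit anyway after this, just to be sure */
	}

	signal(sig, SIG_DFL);
	raise(sig);
}

/*
** Fetch the argument of a command line option.
**
** argv: the original argv
** argp: number of arg (may get modified!)
** cp: pointing to the char after the option
**     e.g. `-d 6'  `-d6'
**             ^       ^
**
** Returns the argument, or NULL if there is none: the option has no
** attached value and the next element of argv is missing or starts
** with a dash. *argp is advanced only when the next element is consumed.
** Relies on argv being terminated by a NULL pointer.
*/
gchar*
get_optarg(char *argv[], gint *argp, char *cp)
{
	if (*cp) {
		/* this kind: -xval */
		return cp;
	}
	cp = argv[*argp+1];
	if (cp && (*cp != '-')) {
		/* this kind: -x val */
		(*argp)++;
		return cp;
	}
	return NULL;
}

/*
** Write the pid of the current process to the file `name' and remember
** a copy of the name in `pidfile', so that sigterm_handler() can remove
** the file again.
**
** Returns TRUE if the file could be opened, FALSE (after logging a
** warning) if not.
**
** NOTE(review): fopen() follows symbolic links and truncates its target.
** mode_daemon() calls this function, and main() switches to uid 0 before
** that unless conf.run_as_user is set, so the directory holding the pid
** file has to be writable by root only -- confirm for PIDFILEDIR.
*/
gboolean
write_pidfile(gchar *name)
{
	FILE *fptr = fopen(name, "wt");

	if (!fptr) {
		logwrite(LOG_WARNING, "could not write pid file: %s\n",
				strerror(errno));
		return FALSE;
	}
	/* pid_t need not be int; cast to match the conversion */
	fprintf(fptr, "%d\n", (int) getpid());
	fclose(fptr);
	/* pidfile stays NULL if strdup() fails; the handler copes with that */
	pidfile = strdup(name);
	return TRUE;
}

/*
** on -bd or if -q has an argument
**
** Detaches from the caller, installs the SIGTERM handler, writes the pid
** file, closes the standard streams and hands over to listen_port().
** Unless conf.run_as_user is set, only root and the mail user may start
** the daemon.
*/
static void
mode_daemon(gboolean do_listen, gint queue_interval, char *argv[])
{
	/*
	** pid_t, not an unsigned type: fork() reports failure as -1, which
	** an unsigned variable would turn into a large positive value, so
	** the failure would be taken for the parent branch and the process
	** would exit with status 0 without a daemon running.
	*/
	pid_t pid;

	/* daemon */
	if (!conf.run_as_user) {
		if ((conf.orig_uid != 0) && (conf.orig_uid != conf.mail_uid)) {
			fprintf(stderr, "must be root or %s for daemon.\n",
					DEF_MAIL_USER);
			exit(1);
		}
	}

	/* reparent to init only if init is not already the parent */
	if (getppid() != 1) {
		pid = fork();
		if (pid > 0) {
			/* parent: the child carries on as the daemon */
			exit(0);
		} else if (pid < 0) {
			logwrite(LOG_ALERT, "could not fork!\n");
			exit(1);
		}
	}

	signal(SIGTERM, sigterm_handler);
	/* a failure is logged by write_pidfile() and otherwise ignored */
	write_pidfile(PIDFILEDIR "/masqmail.pid");

	conf.do_verbose = FALSE;

	/*
	** closing and reopening the log ensures that it is open afterwards
	** because it is possible that the log is assigned to fd 1 and thus
	** gets closed by fclose(stdout). Similar for the debugfile.
	*/
	logclose();
	fclose(stdin);
	fclose(stdout);
	fclose(stderr);
	logopen();

	logwrite(LOG_NOTICE, "%s %s daemon starting\n", PACKAGE, VERSION);
	listen_port(do_listen ? conf.listen_addresses : NULL,
			queue_interval, argv);
}

/*
** -bs or called as smtpd or in.smtpd
**
** Speaks SMTP on stdin, with the responses written to stderr. If stdin
** is a socket, the address of the peer is passed on to smtp_in().
**
** NOTE(review): the result of set_euidgid() is not checked. If that call
** can fail, the session would run with the previous identity -- confirm
** against its definition.
*/
static void
mode_smtp(void)
{
	/* accept smtp message on stdin */
	/* write responses to stderr. */

	struct sockaddr_in saddr;
	gchar *peername = NULL;
	/* getpeername() takes a socklen_t pointer, not an int pointer */
	socklen_t saddr_len = sizeof(saddr);

	conf.do_verbose = FALSE;

	if (!conf.run_as_user) {
		set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
	}

	DEBUG(5) debugf("accepting smtp message on stdin\n");

	if (getpeername(0, (struct sockaddr *) (&saddr), &saddr_len) == 0) {
		/*
		** NOTE(review): the address is read as IPv4 without a look
		** at saddr.sin_family -- confirm that only AF_INET sockets
		** can be passed as stdin.
		*/
		peername = g_strdup(inet_ntoa(saddr.sin_addr));
	} else if (errno != ENOTSOCK)
		exit(1);

	/* peername stays NULL when stdin is not a socket */
	smtp_in(stdin, stderr, peername, NULL);
}

/*
** default mode if address args or -t is specified, or called as rmail
**
** Reads one message from stdin, spools it and, unless conf.do_queue is
** set, forks a child that tries to deliver it at once. Every failure
** before the message is spooled ends the process with status 1.
**
** return_path: envelope sender from -f, or NULL; setting it is
**              reserved to privileged users
** full_sender_name: value of -F, or NULL
** accept_flags: ACC_* flags handed to accept_message()
** addresses, addr_cnt: recipient addresses from the command line
**
** NOTE(review): the result of set_euidgid() is not checked. If that call
** can fail, the message would be accepted with the previous identity --
** confirm against its definition.
*/
static void
mode_accept(address *return_path, gchar *full_sender_name, guint accept_flags,
		char **addresses, int addr_cnt)
{
	/* accept message on stdin */
	accept_error err;
	message *msg = create_message();
	gint i;
	pid_t pid;

	if (return_path && !is_privileged_user(conf.orig_uid)) {
		fprintf(stderr, "must be root, %s or in group %s for "
				"setting return path.\n",
				DEF_MAIL_USER, DEF_MAIL_GROUP);
		exit(1);
	}

	if (!conf.run_as_user) {
		set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
	}

	DEBUG(5) debugf("accepting message on stdin\n");

	msg->received_prot = PROT_LOCAL;

	/* warn if -t option and cmdline addr args */
	if (addr_cnt && (accept_flags & ACC_RCPT_FROM_HEAD)) {
		logwrite(LOG_ALERT, "command line address arguments are "
				"now *added* to the mail header\\\n");
		logwrite(LOG_ALERT, "  recipient addresses (instead of "
				"substracted)  when -t is given.\\\n");
		logwrite(LOG_ALERT, "  this changed with version 0.3.1\n");
	}

	for (i = 0; i < addr_cnt; i++) {
		/*
		** a recipient given on the command line must not start
		** with a pipe character (presumably because such an
		** address would name a command at delivery time)
		*/
		if (addresses[i][0] == '|') {
			logwrite(LOG_ALERT, "no pipe allowed as recipient "
					"address: %s\n", addresses[i]);
			/* should we better ignore this one addr? */
			exit(1);
		}
		msg->rcpt_list = g_list_append(msg->rcpt_list,
				create_address_qualified(addresses[i],
				TRUE, conf.host_name));
	}

	/* -f option */
	msg->return_path = return_path;

	/* -F option */
	msg->full_sender_name = full_sender_name;

	err = accept_message(stdin, msg, accept_flags);

	switch (err) {
	case AERR_OK:
		/* to continue; all other cases exit */
		break;
	case AERR_EOF:
		fprintf(stderr, "unexpected EOF.\n");
		exit(1);
	case AERR_NORCPT:
		fprintf(stderr, "no recipients.\n");
		exit(1);
	case AERR_SIZE:
		fprintf(stderr, "max message size exceeded.\n");
		exit(1);
	default:
		/* should never happen: */
		fprintf(stderr, "Unknown error (%d)\r\n", err);
		exit(1);
	}

	if (!spool_write(msg, TRUE)) {
		fprintf(stderr, "Could not write spool file\n");
		exit(1);
	}

	/* here the mail is queued and thus in our responsibility */
	logwrite(LOG_NOTICE, "%s <= %s with %s\n", msg->uid,
			addr_string(msg->return_path), prot_names[PROT_LOCAL]);

	if (conf.do_queue) {
		/* we're finished as we only need to queue it */
		return;
	}

	/* deliver at once */
	if ((pid = fork()) < 0) {
		logwrite(LOG_ALERT, "could not fork for delivery, id = %s\n",
				msg->uid);
	} else if (pid == 0) {
		/* child: detach from the caller's streams and deliver */
		conf.do_verbose = FALSE;
		fclose(stdin);
		fclose(stdout);
		fclose(stderr);
		if (deliver(msg)) {
			exit(0);
		} else {
			/*
			** TODO: Should we really fail here? Because the
			** mail is queued already. If we fail the client
			** might submit it again. If at-once-delivery
			** is seen as an additional best-effort service,
			** then we should still exit successful here.
			*/
			exit(1);
		}
	}
	/* parent (and the fork failure case): return to the caller */
}

/*
** if -Mrm is given
**
** currently only the `rm' command is supported
** until this changes, we don't need any facility for further commands
** return success if at least one message had been deleted
**
** cmd: the queue command, must be "rm"
** id: NULL-terminated list of message ids, taken from the command line
**
** Privileged users may delete any message. Everybody else may delete a
** message only if its ident equals the caller's login name and it was
** received locally.
**
** NOTE(review): the ids come from argv unchanged. Whether
** msg_spool_read() and queue_delete() reject ids that contain a path
** separator is not visible here -- confirm.
*/
static int
manipulate_queue(char *cmd, char *id[])
{
	gboolean ok = FALSE;

	if (strcmp(cmd, "rm") != 0) {
		fprintf(stderr, "unknown command %s\n", cmd);
		return FALSE;
	}

	set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);

	/* privileged users may delete any mail */
	if (is_privileged_user(conf.orig_uid)) {
		for (; *id; id++) {
			fprintf(stderr, "id: %s\n", *id);
			if (queue_delete(*id)) {
				ok = TRUE;
			}
		}
		return ok;
	}

	struct passwd *pw = getpwuid(conf.orig_uid);
	if (!pw) {
		fprintf(stderr, "could not find a passwd entry for "
				"uid %d: %s\n",
				conf.orig_uid, strerror(errno));
		return FALSE;
	}

	/* non-privileged users may only delete their own messages */
	for (; *id; id++) {
		message *msg = msg_spool_read(*id);

		fprintf(stderr, "id: %s\n", *id);

		/*
		** The id is caller-supplied and need not name a readable
		** spool file; without this check an unreadable message
		** would be dereferenced below.
		*/
		if (!msg) {
			fprintf(stderr, "could not read message %s\n", *id);
			continue;
		}
		if (!msg->ident) {
			fprintf(stderr, "message %s does not have an ident\n",
					*id);
			continue;
		}
		if (strcmp(pw->pw_name, msg->ident) != 0) {
			fprintf(stderr, "you do not own message id %s\n", *id);
			continue;
		}

		if (msg->received_host || (msg->received_prot != PROT_LOCAL)) {
			fprintf(stderr, "message %s was not received "
					"locally\n", *id);
			continue;
		}

		/*
		** keep an earlier success: the result is "at least one
		** message deleted", same as in the privileged branch
		*/
		if (queue_delete(*id)) {
			ok = TRUE;
		}
	}
	return ok;
}

/*
** -qo, -q (without argument), or called as runq
**
** Does a normal queue run, an online queue run, or both, after
** switching identity with set_identity(). Returns the result of the
** last run that was done; main() maps a non-zero result to exit
** status 0.
**
** NOTE(review): route_name comes from the command line and is pasted
** unquoted into the command string stored in conf.online_query. How that
** string is executed is not visible here. If it is passed to a shell,
** metacharacters in the route name would be interpreted -- confirm, and
** confirm which identity is in effect at that point.
*/
static int
run_queue(gboolean do_runq, gboolean do_runq_online, char *route_name)
{
	/* defined result (failure) in case neither kind of run is asked for */
	int ret = 0;

	/* queue runs */
	set_identity(conf.orig_uid, "queue run");

	if (do_runq) {
		ret = queue_run();
	}

	if (do_runq_online) {
		if (route_name) {
			conf.online_query = g_strdup_printf("/bin/echo %s",
					route_name);
		}
		/*
		** TODO: change behavior of `-qo without argument'?
		** Because that behavior is included in -q.
		*/
		ret = queue_run_online();
	}
	return ret;
}

/*
** -bV or default mode if neither addr arg nor -t
**
** Prints package name and version to stdout, followed by a tag for each
** optional feature that was compiled in.
*/
static void
mode_version(void)
{
	gchar *with_resolver = "";
	gchar *with_auth = "";

#ifdef ENABLE_RESOLVER
	with_resolver = " +resolver";
#endif
#ifdef ENABLE_AUTH
	with_auth = " +auth";
#endif

	printf("%s %s%s%s\n", PACKAGE, VERSION, with_resolver, with_auth);
}

/*
** Select the operation mode. The modes are mutually exclusive: asking
** for a second, different mode ends the process with status 1. Setting
** the same mode again is accepted.
*/
void
set_mode(enum mta_mode mode)
{
	if (mta_mode && mta_mode!=mode) {
		fprintf(stderr, "operation mode was already specified "
				"(%d vs. %d)\n", mta_mode, mode);
		exit(1);
	}

	mta_mode = mode;
}

/*
** Entry point: derives a default mode from the name the program was
** called by, parses the command line, switches to root unless
** conf.run_as_user is set, opens the log and dispatches to the selected
** mode.
*/
int
main(int argc, char *argv[])
{
	gchar *progname;
	char *opt;
	gint arg;

	gboolean do_listen = FALSE;
	gboolean do_runq = FALSE;
	gboolean do_runq_online = FALSE;
	gboolean do_queue = FALSE;
	gint queue_interval = 0;
	gchar *M_cmd = NULL;
	gboolean opt_t = FALSE;
	gboolean opt_i = FALSE;
	gchar *conf_file = CONF_FILE;
	gchar *route_name = NULL;
	gchar *f_address = NULL;
	address *return_path = NULL;  /* may be changed by -f option */
	gchar *full_sender_name = NULL;
	gboolean do_verbose = FALSE;
	gint debug_level = -1;

	/*
	** The caller controls the argument vector and may pass an empty
	** one. The error texts further down show that the program expects
	** to be installed setuid, so refuse to go on without argv[0]
	** instead of handing a NULL pointer to strrchr().
	*/
	if (argc < 1 || !argv[0]) {
		fprintf(stderr, "no program name given\n");
		exit(1);
	}

	/* strip the path part */
	progname = strrchr(argv[0], '/');
	progname = (progname) ? progname+1 : argv[0];

	if (strcmp(progname, "mailq") == 0) {
		mta_mode = MODE_LIST;
	} else if (strcmp(progname, "mailrm") == 0) {
		mta_mode = MODE_MCMD;
		M_cmd = "rm";
	} else if (strcmp(progname, "newaliases") == 0) {
		mta_mode = MODE_BI;
	} else if (strcmp(progname, "rmail") == 0) {
		/*
		** the `rmail' alias should probably be removed now
		** that we have the rmail script. But let's keep it
		** for some while for compatibility. 2010-06-19
		*/
		mta_mode = MODE_ACCEPT;
		opt_i = TRUE;
	} else if (strcmp(progname, "runq") == 0) {
		mta_mode = MODE_RUNQUEUE;
		do_runq = TRUE;
	} else if (strcmp(progname, "smtpd") == 0
			|| strcmp(progname, "in.smtpd") == 0) {
		mta_mode = MODE_SMTP;
	}

	/* parse cmd line */
	/*
	** NOTE(review): this listing is damaged here. Everything between
	** `arg' in the loop condition and the `>= 0' of the debug_level
	** test is missing (it looks as if the text between a `<' and a `>'
	** was stripped), so the option parsing and whatever follows it are
	** not visible. The fragment is kept exactly as shown and has to be
	** restored from the real source before this file can compile.
	*/
	for (arg=1; arg= 0) {  /* if >= 0, it was given by argument */
		conf.debug_level = debug_level;
	}

	/*
	** It appears that changing to / ensures that we are never in
	** a directory which we cannot access. This situation could be
	** possible after changing identity.
	** Maybe we should only change to / if we not run as user, to
	** allow relative paths for log files in test setups for
	** instance.
	*/
	if (chdir("/") != 0) {
		/* fail like the other startup steps below do */
		fprintf(stderr, "could not change to /: %s\n",
				strerror(errno));
		exit(1);
	}

	if (!conf.run_as_user) {
		/* group first: after setuid() the order would not matter less */
		if (setgid(0) != 0) {
			fprintf(stderr, "could not set gid to 0. "
					"Is the setuid bit set? : %s\n",
					strerror(errno));
			exit(1);
		}
		if (setuid(0) != 0) {
			fprintf(stderr, "could not gain root privileges. "
					"Is the setuid bit set? : %s\n",
					strerror(errno));
			exit(1);
		}
	}

	if (!logopen()) {
		fprintf(stderr, "could not open log file\n");
		exit(1);
	}

	DEBUG(1) debugf("masqmail %s starting\n", VERSION);

	DEBUG(5) {
		gchar **str = argv;
		debugf("args: \n");
		while (*str) {
			debugf("%s \n", *str);
			str++;
		}
	}
	DEBUG(5) debugf("queue_interval = %d\n", queue_interval);

	if (f_address) {
		return_path = create_address_qualified(f_address, TRUE,
				conf.host_name);
		if (!return_path) {
			/* report first, the string is still needed here */
			fprintf(stderr, "invalid RFC821 address: %s\n",
					f_address);
			g_free(f_address);
			exit(1);
		}
		/* release only after the last use of the string */
		g_free(f_address);
		f_address = NULL;
	}

	switch (mta_mode) {
	case MODE_DAEMON:
		mode_daemon(do_listen, queue_interval, argv);
		break;

	case MODE_RUNQUEUE:
		exit(run_queue(do_runq, do_runq_online, route_name) ? 0 : 1);
		break;

	case MODE_SMTP:
		mode_smtp();
		break;

	case MODE_LIST:
		queue_list();
		break;

	case MODE_BI:
		exit(0);
		break;  /* well... */

	case MODE_MCMD:
		/* the remaining arguments are the message ids */
		exit(manipulate_queue(M_cmd, &argv[arg]) ? 0 : 1);
		break;

	case MODE_ACCEPT:
		{
			guint accept_flags = 0;
			accept_flags |= (opt_t ? ACC_RCPT_FROM_HEAD : 0);
			accept_flags |= (opt_i ?
					ACC_DOT_IGNORE : ACC_NODOT_RELAX);
			/* the remaining arguments are the recipients */
			mode_accept(return_path, full_sender_name,
					accept_flags, argv + arg, argc - arg);
			exit(0);
		}
		break;

	default:
		fprintf(stderr, "unknown mode: %d\n", mta_mode);
		break;
	}

	logclose();

	exit(0);
}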